- This topic has 2 replies, 2 voices, and was last updated 6 years, 11 months ago by
.
-
Posts
-
I am using the Infinity Pro theme and have several background images on the front page. I wish to implement a Content Security Policy on my site, but note that setting the value of style-src to 'self' causes those backgrounds to not be displayed. The images themselves are stored on the same server as everything else, so that is not the issue. I note that two sources of css, other than my own host, are fonts.googleapis.com and code.ionicframework.com. However, adding them to the value of style-src does not solve the problem.
So, my question is whether someone can tell me how to set the value of style-src in this case.
style-src 'self' requires that files be served from the same URL scheme and port number. This directive blocks inline styles. The background images in Infinity Pro are loaded as inline styles generated at run time. This is why you can't see them.
To allow the inline styles, you have to include 'unsafe-inline'
Regards,
Victor
https://victorfont.com/
Call us toll free: 844-VIC-FONT (842-3668)
Have you requested your free website audit yet?
- The topic ‘Content Security Policy style-src setting’ is closed to new replies.